npm - @magnet-cms/core - Versions diffs - 1.0.3 → 3.0.0 - Mend

@magnet-cms/core 1.0.3 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (39) hide show

package/dist/cache.settings-WVD3J7KS.js +5 -0
package/dist/{chunk-VRD3SNTH.js → chunk-4KTI5N3Y.js} +5 -5
package/dist/{chunk-2G3SJVME.js → chunk-57BXP7WT.js} +3 -3
package/dist/{chunk-GRTSRYQ3.js → chunk-5ZNZ457Y.js} +1 -1
package/dist/{chunk-UPVWRKGL.js → chunk-BLOJL7F5.js} +1 -1
package/dist/{chunk-IRYV6KDU.js → chunk-D3C3IDJE.js} +1806 -2919
package/dist/chunk-FPVW2XEK.js +77 -0
package/dist/{chunk-VPQMUAKT.js → chunk-L5S66O2C.js} +2945 -1418
package/dist/{chunk-5KKPPI6S.js → chunk-LSFWCRI6.js} +3 -3
package/dist/{dist-es-EKS5UN6W.js → dist-es-FN4ZDH7H.js} +3 -3
package/dist/dist-es-IFKE2QTH.js +1 -1
package/dist/{dist-es-J4ID6CFE.js → dist-es-JOTZAW56.js} +3 -3
package/dist/{dist-es-SH3IYNFH.js → dist-es-UU6EFY2O.js} +2 -2
package/dist/index.cjs +62120 -8608
package/dist/index.d.cts +22 -7
package/dist/index.d.ts +22 -7
package/dist/index.js +53223 -193
package/dist/{loadCognitoIdentity-IDLT73F5.js → loadCognitoIdentity-VHCOBTS2.js} +4 -4
package/dist/{loadSso-VKQ2MGWC.js → loadSso-5XNIYOZP.js} +4 -4
package/dist/{loadSts-CDV5EIAC.js → loadSts-IC4PURXF.js} +6 -6
package/dist/magnet-module-imports.cjs +3864 -3393
package/dist/magnet-module-imports.d.cts +6 -2
package/dist/magnet-module-imports.d.ts +6 -2
package/dist/magnet-module-imports.js +12 -11
package/dist/modules.cjs +3921 -2174
package/dist/modules.d.cts +298 -618
package/dist/modules.d.ts +298 -618
package/dist/modules.js +179 -15
package/dist/permission.guard-B8HLjHP2.d.cts +912 -0
package/dist/permission.guard-B8HLjHP2.d.ts +912 -0
package/dist/{settings.module-CS9n15pg.d.cts → settings.module-CX5Cs5fA.d.cts} +29 -3
package/dist/{settings.module-CS9n15pg.d.ts → settings.module-CX5Cs5fA.d.ts} +29 -3
package/dist/{signin-OTF7SOKV.js → signin-TXX6BWCZ.js} +4 -4
package/dist/{sso-oidc-IU7NSPWD.js → sso-oidc-CMVLR2KO.js} +4 -4
package/dist/{sts-IGHPXD4X.js → sts-MASJMUF3.js} +6 -6
package/package.json +3 -3
package/dist/auth-strategy.factory-D2p1hfeq.d.cts +0 -303
package/dist/auth-strategy.factory-D2p1hfeq.d.ts +0 -303
package/dist/{chunk-ISB33RLS.js → chunk-47RGXMWN.js} +3 -3

package/dist/modules.d.cts CHANGED Viewed

@@ -1,12 +1,12 @@
-import { a as NotificationModuleOptions } from './settings.module-CS9n15pg.cjs';
-export { A as ApiKeysModule, C as ContentModule, D as DocumentModule, H as HistoryModule, N as NotificationModule, P as PluginModule, R as RBACModule, S as SettingsModule } from './settings.module-CS9n15pg.cjs';
+import { b as NotificationModuleOptions } from './settings.module-CX5Cs5fA.cjs';
+export { A as ApiKeysModule, C as CacheModule, a as ContentModule, D as DocumentModule, H as HistoryModule, N as NotificationModule, P as PluginModule, R as RBACModule, S as SettingsModule } from './settings.module-CX5Cs5fA.cjs';
 import * as _magnet_cms_common from '@magnet-cms/common';
-import { getExtendUserOptions, FieldMetadata, SettingValue, Model, SettingType, SchemaSetting, AuthConfig, AuthStrategy, AuthUser, LoginCredentials, AuthResult, RegisterData, ControllerMetadata, MethodMetadata, SchemaMetadata, EmailAdapter, SendEmailOptions, SendEmailResult, EventPayload, MagnetModuleOptions, NotificationChannel, NotificationChannelAdapter, NotifyDto, NotificationQueryOptions, PaginatedNotifications, PluginConfig, PluginMetadata, PluginFrontendManifest, EnrichedPluginManifest, RegisteredPluginInfo, PermissionSource, PermissionDefinition, PermissionGroup, CategorizedPermissions, RoleWithPermissions, StorageAdapter, LocalStorageConfig, UploadOptions, UploadResult, TransformOptions, MediaQueryOptions, PaginatedMedia, BaseSchema, EventName, InitialConfig } from '@magnet-cms/common';
+import { getExtendUserOptions, FieldMetadata, SettingValue, Model, SettingType, SchemaSetting, CacheAdapter, CacheHealthResult, AuthConfig, AuthStrategy, AuthUser, LoginCredentials, AuthResult, RegisterData, EmailAdapter, SendEmailOptions, SendEmailResult, EventPayload, MagnetModuleOptions, NotificationChannel, NotificationChannelAdapter, NotifyDto, NotificationQueryOptions, PaginatedNotifications, EnrichedPluginManifest, PluginConfig, StorageAdapter, LocalStorageConfig, UploadOptions, UploadResult, TransformOptions, MediaQueryOptions, PaginatedMedia, BaseSchema, EventName, InitialConfig } from '@magnet-cms/common';
 export { HasPermission, PermissionMeta, RequirePermission, getPermissionMetadata, hasPermissionDecorator } from '@magnet-cms/common';
-import { U as UserService, C as CreateUserDto, b as User, c as PaginatedUserResult, M as MagnetLogger, E as EventService } from './auth-strategy.factory-D2p1hfeq.cjs';
-export { A as AuthStrategyFactory, H as Hook, I as InjectPluginOptions, P as Plugin, a as PluginDecoratorOptions } from './auth-strategy.factory-D2p1hfeq.cjs';
+import { U as UserService, C as CreateUserDto, c as User, d as PaginatedUserResult, M as MagnetLogger, E as EventService, D as DiscoveryService, e as PluginRegistryService } from './permission.guard-B8HLjHP2.cjs';
+export { A as AuthStrategyFactory, h as CreateRoleDto, i as DuplicateRoleDto, H as Hook, I as InjectPluginOptions, f as PermissionDiscoveryService, b as PermissionGuard, g as PermissionService, P as Plugin, a as PluginDecoratorOptions, k as Role, R as RoleService, j as UpdateRoleDto, V as ValidatePermissionIdsResult } from './permission.guard-B8HLjHP2.cjs';
 import * as _nestjs_common from '@nestjs/common';
-import { Type, DynamicModule, OnApplicationBootstrap, CanActivate, ExecutionContext, OnModuleInit, Logger, OnApplicationShutdown, NestInterceptor, CallHandler } from '@nestjs/common';
+import { Type, DynamicModule, OnApplicationBootstrap, CanActivate, ExecutionContext, NestInterceptor, CallHandler, OnModuleInit, Logger, OnApplicationShutdown } from '@nestjs/common';
 import { ModuleRef, Reflector, ModulesContainer, DiscoveryService as DiscoveryService$1 } from '@nestjs/core';
 import { Request, Response, NextFunction } from 'express';
 import * as rxjs from 'rxjs';
@@ -14,8 +14,8 @@ import { Observable } from 'rxjs';
 import * as _nestjs_passport from '@nestjs/passport';
 import * as passport_jwt from 'passport-jwt';
 import { Strategy } from 'passport-jwt';
-import { InstanceWrapper } from '@nestjs/core/injector/instance-wrapper';
 import { Readable } from 'node:stream';
+import '@nestjs/core/injector/instance-wrapper';
 declare class UpdateUserDto {
     email?: string;
@@ -906,6 +906,283 @@ declare const RequireApiKeySchema: (schema: string) => _nestjs_common.CustomDeco
  */
 declare const CurrentApiKey: (...dataOrPipes: unknown[]) => ParameterDecorator;
+/**
+ * CacheService provides a high-level API over any CacheAdapter.
+ *
+ * Inject this service wherever caching is needed. When @Cacheable(),
+ * @CacheEvict(), or @CachePut() decorators are used on controller methods,
+ * the CacheInterceptor uses this service automatically.
+ *
+ * For service-level caching, inject CacheService directly and call get/set.
+ *
+ * Settings integration: the `enabled`, `defaultTtl`, and `maxMemoryEntries`
+ * fields in the admin Settings UI take effect at runtime — no restart needed.
+ *
+ * @example
+ * ```typescript
+ * constructor(private readonly cache: CacheService) {}
+ *
+ * async getPost(id: string) {
+ *   const cached = await this.cache.get<Post>(`posts:${id}`)
+ *   if (cached) return cached
+ *   const post = await this.postRepo.findById(id)
+ *   await this.cache.set(`posts:${id}`, post)
+ *   return post
+ * }
+ * ```
+ */
+declare class CacheService {
+    private readonly adapter;
+    private readonly settingsService?;
+    private readonly logger;
+    constructor(adapter: CacheAdapter, settingsService?: SettingsService | undefined);
+    /** Name of the active cache adapter */
+    get adapterName(): string;
+    /**
+     * Retrieve a cached value by key.
+     * Returns null if cache is disabled via Settings or the key is not found.
+     */
+    get<T>(key: string): Promise<T | null>;
+    /**
+     * Store a value in the cache.
+     * No-op if cache is disabled via Settings.
+     * @param key - Cache key
+     * @param value - Value to cache (must be JSON-serializable)
+     * @param ttl - TTL in seconds. If omitted, uses the Settings defaultTtl.
+     */
+    set<T>(key: string, value: T, ttl?: number): Promise<void>;
+    /**
+     * Remove a value from the cache.
+     */
+    delete(key: string): Promise<void>;
+    /**
+     * Remove all cache entries matching a glob pattern.
+     * @param pattern - Glob pattern (e.g., `posts:*`)
+     */
+    deleteByPattern(pattern: string): Promise<void>;
+    /**
+     * Check if a key exists and has not expired.
+     */
+    has(key: string): Promise<boolean>;
+    /**
+     * Remove all cache entries.
+     */
+    clear(): Promise<void>;
+    /**
+     * Check cache adapter health.
+     */
+    healthCheck(): Promise<CacheHealthResult>;
+    private getSettings;
+    private isEnabled;
+    private getDefaultTtl;
+}
+/**
+ * Cache settings schema.
+ *
+ * Configures cache behavior and defaults, manageable from the admin Settings panel.
+ */
+declare class CacheSettings {
+    enabled: boolean;
+    defaultTtl: number;
+    maxMemoryEntries: number;
+}
+/** DI injection token for the cache adapter */
+declare const CACHE_ADAPTER_TOKEN = "CACHE_ADAPTER";
+/** Metadata key for @Cacheable, @CacheEvict, @CachePut decorators */
+declare const CACHE_METADATA_KEY = "__cache_metadata__";
+/** Metadata key for @CacheTTL decorator */
+declare const CACHE_TTL_KEY = "__cache_ttl__";
+interface MemoryCacheAdapterOptions {
+    /** Maximum number of cache entries before LRU eviction (default: 1000) */
+    maxEntries?: number;
+    /** Default TTL in seconds (default: 300) */
+    defaultTtl?: number;
+    /** Interval in ms for periodic expired-entry cleanup (default: 60000). Set to 0 to disable. */
+    cleanupIntervalMs?: number;
+}
+/**
+ * Built-in in-memory cache adapter with TTL and LRU eviction.
+ *
+ * Uses a Map with insertion-order tracking for LRU. Suitable for single-process
+ * deployments or development. For multi-instance deployments, use RedisCacheAdapter.
+ */
+declare class MemoryCacheAdapter implements CacheAdapter {
+    readonly name = "memory";
+    private readonly store;
+    /** Tracks access order for LRU: front = oldest, back = most recently used */
+    private readonly accessOrder;
+    private readonly maxEntries;
+    private readonly defaultTtl;
+    private cleanupTimer;
+    constructor(options?: MemoryCacheAdapterOptions);
+    get<T>(key: string): Promise<T | null>;
+    set<T>(key: string, value: T, ttl?: number): Promise<void>;
+    delete(key: string): Promise<void>;
+    deleteByPattern(pattern: string): Promise<void>;
+    has(key: string): Promise<boolean>;
+    clear(): Promise<void>;
+    healthCheck(): Promise<CacheHealthResult>;
+    dispose(): Promise<void>;
+    /**
+     * Mark key as most recently used.
+     * O(n) per access — acceptable for the default maxEntries=1000 with low-traffic workloads.
+     * For high-throughput production use, consider the Redis adapter instead.
+     */
+    private touchAccess;
+    /** Remove a specific key from store and accessOrder */
+    private evictKey;
+    /** Evict the least recently used entry */
+    private evictLru;
+    /** Remove all expired entries (periodic cleanup) */
+    private cleanup;
+}
+interface CacheableOptions {
+    /**
+     * Cache key. Supports `:arg0`, `:arg1` placeholders for method arguments.
+     * If omitted, a default key is generated from the class name, method name,
+     * and serialized arguments.
+     */
+    key?: string;
+    /** TTL override in seconds. If omitted, the interceptor uses @CacheTTL or adapter default. */
+    ttl?: number;
+}
+/**
+ * Cache the return value of a controller method.
+ *
+ * On the first call with a given key, the method executes and the result is stored.
+ * On subsequent calls with the same key (while not expired), the cached value is returned
+ * without executing the method.
+ *
+ * **⚠️ Requires `@UseInterceptors(CacheInterceptor)` on the controller or method.**
+ * Works on NestJS controller route handlers only — NOT on plain service methods.
+ * For service-level caching, inject `CacheService` and call `get`/`set` directly.
+ *
+ * @example
+ * ```typescript
+ * @Get(':id')
+ * @Cacheable({ key: 'posts::id', ttl: 300 })
+ * @UseInterceptors(CacheInterceptor)
+ * async getPost(@Param('id') id: string) {
+ *   return this.postsService.findOne(id)
+ * }
+ * ```
+ */
+declare function Cacheable(options?: CacheableOptions): MethodDecorator;
+interface CacheEvictOptions {
+    /**
+     * Cache key or glob pattern to evict (e.g., `posts:*` removes all post entries).
+     * If omitted, evicts the default key for this method.
+     */
+    key?: string;
+    /**
+     * When true, uses `deleteByPattern(key)` instead of `delete(key)`.
+     * Useful with glob patterns to evict multiple related keys at once.
+     */
+    allEntries?: boolean;
+}
+/**
+ * Evict cache entries after a controller method executes.
+ *
+ * The method always executes. After it completes, the specified cache key(s)
+ * are removed to prevent stale data on the next read.
+ *
+ * **⚠️ Requires `@UseInterceptors(CacheInterceptor)` on the controller or method.**
+ *
+ * @example
+ * ```typescript
+ * @Patch(':id')
+ * @CacheEvict({ key: 'posts:*', allEntries: true })
+ * @UseInterceptors(CacheInterceptor)
+ * async updatePost(@Param('id') id: string, @Body() dto: UpdatePostDto) {
+ *   return this.postsService.update(id, dto)
+ * }
+ * ```
+ */
+declare function CacheEvict(options?: CacheEvictOptions): MethodDecorator;
+interface CachePutOptions {
+    /** Cache key. If omitted, a default key is generated from class name, method name, and args. */
+    key?: string;
+    /** TTL override in seconds. If omitted, the interceptor uses @CacheTTL or adapter default. */
+    ttl?: number;
+}
+/**
+ * Always execute the method and update the cache with the result.
+ *
+ * Unlike `@Cacheable`, this never returns a cached value — it always executes
+ * and always writes the fresh result to the cache (forced refresh).
+ *
+ * **⚠️ Requires `@UseInterceptors(CacheInterceptor)` on the controller or method.**
+ *
+ * @example
+ * ```typescript
+ * @Post('refresh/:id')
+ * @CachePut({ key: 'posts::id' })
+ * @UseInterceptors(CacheInterceptor)
+ * async refreshPost(@Param('id') id: string) {
+ *   return this.postsService.findOne(id)
+ * }
+ * ```
+ */
+declare function CachePut(options?: CachePutOptions): MethodDecorator;
+/**
+ * Override the TTL for a cached controller method.
+ *
+ * Compose with `@Cacheable()` or `@CachePut()` to set a per-method TTL
+ * that overrides the adapter's default TTL.
+ *
+ * **⚠️ Requires `@UseInterceptors(CacheInterceptor)` on the controller or method.**
+ *
+ * @param seconds - Time-to-live in seconds
+ *
+ * @example
+ * ```typescript
+ * @Get('hot-data')
+ * @Cacheable({ key: 'hot' })
+ * @CacheTTL(30)
+ * @UseInterceptors(CacheInterceptor)
+ * async getHotData() {
+ *   return this.dataService.getHot()
+ * }
+ * ```
+ */
+declare function CacheTTL(seconds: number): MethodDecorator;
+/**
+ * Intercepts controller route handlers decorated with @Cacheable, @CacheEvict, or @CachePut.
+ *
+ * Apply via `@UseInterceptors(CacheInterceptor)` on a controller class or individual method.
+ *
+ * **⚠️ Only works on NestJS controller route handlers.** Plain service method calls are not
+ * intercepted. For service-level caching, inject `CacheService` directly.
+ *
+ * @example
+ * ```typescript
+ * @Controller('posts')
+ * @UseInterceptors(CacheInterceptor)
+ * export class PostsController {
+ *   @Get(':id')
+ *   @Cacheable({ key: 'posts::id', ttl: 300 })
+ *   async getPost(@Param('id') id: string) { ... }
+ * }
+ * ```
+ */
+declare class CacheInterceptor implements NestInterceptor {
+    private readonly cacheService;
+    private readonly reflector;
+    constructor(cacheService: CacheService, reflector: Reflector);
+    intercept(context: ExecutionContext, next: CallHandler): Observable<unknown>;
+    private handleCacheable;
+    private handleEvict;
+    private handlePut;
+}
 /**
  * Injection token for the auth strategy
  */
@@ -1015,6 +1292,16 @@ declare class DynamicAuthGuard implements CanActivate {
     static strategyName: string;
     canActivate(context: ExecutionContext): Promise<boolean> | boolean;
 }
+/**
+ * OptionalDynamicAuthGuard populates req.user when a valid token is present
+ * but allows the request through even without authentication.
+ *
+ * Use this for endpoints that behave differently when authenticated
+ * (e.g., /auth/status returns onboardingCompleted only for authenticated users).
+ */
+declare class OptionalDynamicAuthGuard implements CanActivate {
+    canActivate(context: ExecutionContext): Promise<boolean>;
+}
 declare const JwtAuthGuard_base: _nestjs_passport.Type<_nestjs_passport.IAuthGuard>;
 declare class JwtAuthGuard extends JwtAuthGuard_base {
@@ -1442,114 +1729,6 @@ declare class DocumentService {
     }>>;
 }
-declare class MetadataExtractorService {
-    extractControllerMetadata(wrapper: InstanceWrapper<object>): ControllerMetadata;
-    extractMethodMetadata(instance: object, method: string): MethodMetadata | null;
-    extractSchemaMetadata(wrapper: InstanceWrapper<unknown>): SchemaMetadata | null;
-    /**
-     * Build schema properties from Field metadata, Setting Field metadata, and legacy Prop/UI metadata.
-     * Priority: Field metadata > Setting Field metadata > legacy Prop/UI metadata
-     */
-    private buildProperties;
-    /**
-     * Get the type name from field metadata
-     */
-    private getTypeNameFromFieldMetadata;
-    /**
-     * Get type name from a type constructor or design type
-     */
-    private getTypeName;
-    /**
-     * Check if a field is an array type
-     */
-    private isArrayField;
-    /**
-     * Build UI options from field metadata
-     */
-    private buildUIFromFieldMetadata;
-    /**
-     * Convert select/enum options to UI format
-     */
-    private convertSelectOptions;
-    /**
-     * Get ref (relationship reference) from field metadata
-     */
-    private getRefFromFieldMetadata;
-    /**
-     * Get the type name from setting field metadata
-     */
-    private getTypeNameFromSettingFieldMetadata;
-    /**
-     * Build UI options from setting field metadata
-     */
-    private buildUIFromSettingFieldMetadata;
-    /**
-     * Convert setting select options to UI format
-     */
-    private convertSettingSelectOptions;
-    getParamDetails(controller: Function, methodName: string): {
-        arg: string;
-        type: string;
-        name: string;
-    }[];
-    private getValidationMetadata;
-}
-declare class ControllerDiscoveryService {
-    private readonly modulesContainer;
-    private readonly metadataExtractor;
-    constructor(modulesContainer: ModulesContainer, metadataExtractor: MetadataExtractorService);
-    discoverControllers(): ControllerMetadata[];
-}
-declare class MethodDiscoveryService {
-    private readonly modulesContainer;
-    private readonly metadataExtractor;
-    constructor(modulesContainer: ModulesContainer, metadataExtractor: MetadataExtractorService);
-    getMethodDetails(path: string, methodName: string, controllers: ControllerMetadata[]): MethodMetadata | {
-        error: string;
-    };
-}
-declare class SchemaDiscoveryService {
-    private readonly modulesContainer;
-    private readonly metadataExtractor;
-    constructor(modulesContainer: ModulesContainer, metadataExtractor: MetadataExtractorService);
-    discoverSchemas(): {
-        schemas: SchemaMetadata[];
-        settings: SchemaMetadata[];
-    };
-}
-declare class DiscoveryService implements OnModuleInit {
-    private readonly controllerDiscovery;
-    private readonly schemaDiscovery;
-    private readonly methodDiscovery;
-    private controllers;
-    private schemas;
-    private settingsSchemas;
-    constructor(controllerDiscovery: ControllerDiscoveryService, schemaDiscovery: SchemaDiscoveryService, methodDiscovery: MethodDiscoveryService);
-    onModuleInit(): void;
-    getDiscoveredSchemas(): string[];
-    getAllDiscoveredSchemas(): SchemaMetadata[];
-    getDiscoveredSchema(name: string): SchemaMetadata | {
-        error: string;
-    };
-    getDiscoveredSettingsSchemas(): string[];
-    getAllDiscoveredSettingsSchemas(): SchemaMetadata[];
-    getDiscoveredSettingsSchemaNames(): string[];
-    getDiscoveredSettingsSchema(name: string): SchemaMetadata | {
-        error: string;
-    };
-    getDiscoveredControllers(): string[];
-    getDiscoveredController(name: string): ControllerMetadata | {
-        error: string;
-    };
-    getMethodDetails(path: string, methodName: string): MethodMetadata | {
-        error: string;
-    };
-}
 declare class ContentService {
     private readonly moduleRef;
     private readonly documentService;
@@ -2304,57 +2483,16 @@ declare const PLUGIN_MODULE = "plugin:module";
 /**
  * Generate standardized options token for a plugin.
  *
- * @param pluginName - The plugin name (e.g., 'content-builder')
- * @returns Token string (e.g., 'PLUGIN_CONTENT_BUILDER_OPTIONS')
+ * @param pluginName - The plugin name (e.g., 'playground')
+ * @returns Token string (e.g., 'PLUGIN_PLAYGROUND_OPTIONS')
  *
  * @example
  * ```ts
- * getPluginOptionsToken('content-builder') // 'PLUGIN_CONTENT_BUILDER_OPTIONS'
+ * getPluginOptionsToken('playground') // 'PLUGIN_PLAYGROUND_OPTIONS'
  * ```
  */
 declare function getPluginOptionsToken(pluginName: string): string;
-interface RegisteredPlugin {
-    metadata: PluginMetadata;
-    instance: unknown;
-    frontendManifest?: PluginFrontendManifest;
-    config: PluginConfig;
-}
-declare class PluginRegistryService implements OnModuleInit {
-    private readonly modulesContainer;
-    private readonly logger;
-    private readonly pluginsConfig;
-    private plugins;
-    constructor(modulesContainer: ModulesContainer, logger: MagnetLogger, pluginsConfig?: PluginConfig[]);
-    onModuleInit(): void;
-    private discoverPlugins;
-    /**
-     * Get a registered plugin by name
-     */
-    getPlugin(name: string): RegisteredPlugin | undefined;
-    /**
-     * Get all registered plugins
-     */
-    getAllPlugins(): RegisteredPlugin[];
-    /**
-     * Get metadata for all plugins
-     */
-    getPluginMetadata(): PluginMetadata[];
-    /**
-     * Get frontend manifests for all plugins with bundle URLs
-     * Used by admin UI to dynamically load plugin frontends at runtime
-     */
-    getFrontendManifests(): EnrichedPluginManifest[];
-    /**
-     * Get full plugin info for API response
-     */
-    getPluginInfo(name: string): RegisteredPluginInfo | null;
-    /**
-     * Get all plugins info for API response
-     */
-    getAllPluginsInfo(): RegisteredPluginInfo[];
-}
 declare class PluginController {
     private readonly registry;
     constructor(registry: PluginRegistryService);
@@ -2414,464 +2552,6 @@ declare class PluginService implements OnModuleInit {
     executeHook(hookName: string, ...args: unknown[]): Promise<unknown[]>;
 }
-/**
- * Permission schema for persisting discovered permissions.
- *
- * Permissions are auto-registered from:
- * - Schema definitions (CRUD)
- * - Controller methods (@RequirePermission)
- * - Plugins
- * - System definitions
- *
- * Used for validation when assigning permissions to roles.
- */
-declare class Permission {
-    /**
-     * Unique permission identifier (e.g., 'content.cat.create', 'roles.find')
-     * This is the key used when assigning permissions to roles.
-     */
-    permissionId: string;
-    /**
-     * Human-readable name for the admin UI
-     */
-    name: string;
-    /**
-     * Description for the admin UI
-     */
-    description?: string;
-    /**
-     * Group for organization (e.g., 'Content', 'Users', 'Settings')
-     */
-    group?: string;
-    /**
-     * API identifier (e.g., 'api::posts', 'plugin::content-builder', 'system::users')
-     */
-    apiId?: string;
-    /**
-     * Source of this permission
-     */
-    source?: PermissionSource;
-    /**
-     * Controller name if discovered from controller
-     */
-    controller?: string;
-    /**
-     * Method name if discovered from controller
-     */
-    method?: string;
-    /**
-     * Plugin name if from plugin
-     */
-    plugin?: string;
-    /**
-     * Schema name if auto-generated from schema
-     */
-    schema?: string;
-    /**
-     * When this permission was first registered
-     */
-    createdAt: Date;
-    /**
-     * When this permission was last updated
-     */
-    updatedAt?: Date;
-}
-interface ValidatePermissionIdsResult {
-    valid: string[];
-    invalid: string[];
-}
-/**
- * Service for persisting and validating permissions.
- *
- * Permissions are synced from PermissionDiscoveryService on startup
- * and used to validate role permission assignments.
- */
-declare class PermissionService {
-    private readonly permissionModel;
-    private readonly logger;
-    constructor(permissionModel: Model<Permission>, logger: MagnetLogger);
-    /**
-     * Upsert a single permission from a definition
-     */
-    upsertFromDefinition(def: PermissionDefinition): Promise<void>;
-    /**
-     * Batch upsert permissions from definitions
-     */
-    upsertMany(definitions: PermissionDefinition[]): Promise<void>;
-    /**
-     * Find a permission by ID
-     */
-    findById(permissionId: string): Promise<Permission | null>;
-    /**
-     * Get all registered permission IDs
-     */
-    findAllIds(): Promise<string[]>;
-    /**
-     * Validate that all permission IDs exist (in DB or can be matched by wildcard)
-     * Returns valid and invalid IDs.
-     */
-    validatePermissionIds(ids: string[], knownIds?: string[]): Promise<ValidatePermissionIdsResult>;
-    private definitionToPermissionData;
-}
-/**
- * Service for discovering all permissions in the system.
- *
- * Permissions are discovered from:
- * 1. Schema definitions - auto-generated CRUD permissions
- * 2. Controller methods - @RequirePermission decorated methods
- * 3. Plugins - permissions defined in plugin manifests
- */
-declare class PermissionDiscoveryService implements OnModuleInit {
-    private readonly discoveryService;
-    private readonly modulesContainer;
-    private readonly pluginRegistry;
-    private readonly permissionService;
-    private permissions;
-    private initialized;
-    constructor(discoveryService: DiscoveryService, modulesContainer: ModulesContainer, pluginRegistry: PluginRegistryService, permissionService: PermissionService);
-    onModuleInit(): Promise<void>;
-    /**
-     * Discover all permissions from schemas, controllers, and plugins
-     */
-    private discoverPermissions;
-    /**
-     * Auto-generate CRUD permissions for each discovered schema
-     */
-    private discoverSchemaPermissions;
-    /**
-     * Discover @RequirePermission decorated methods from controllers
-     */
-    private discoverControllerPermissions;
-    /**
-     * Extract permissions from a controller's methods
-     */
-    private extractControllerPermissions;
-    /**
-     * Discover permissions from registered plugins
-     */
-    private discoverPluginPermissions;
-    /**
-     * Add system-level permissions
-     */
-    private discoverSystemPermissions;
-    /**
-     * Get all discovered permissions
-     */
-    getAll(): PermissionDefinition[];
-    /**
-     * Get a specific permission by ID
-     */
-    get(id: string): PermissionDefinition | undefined;
-    /**
-     * Check if a permission exists
-     */
-    has(id: string): boolean;
-    /**
-     * Get permissions grouped for UI display
-     */
-    getGrouped(): PermissionGroup[];
-    /**
-     * Get permissions categorized by type (for admin UI)
-     * - collectionTypes: schema-based (api::*), each schema = one accordion
-     * - controllers: from @RequirePermission, each controller = one accordion
-     * - plugins: plugin::*
-     * - system: system::*
-     */
-    getCategorized(): CategorizedPermissions;
-    /**
-     * Group controller permissions by controller (each = one accordion)
-     */
-    private groupByController;
-    /**
-     * Get permissions for a specific schema
-     */
-    getSchemaPermissions(schemaName: string): PermissionDefinition[];
-    /**
-     * Get permissions for a specific plugin
-     */
-    getPluginPermissions(pluginName: string): PermissionDefinition[];
-    /**
-     * Mark permissions as checked/unchecked based on role's permissions
-     */
-    markPermissions(groups: PermissionGroup[], rolePermissions: string[]): PermissionGroup[];
-    /**
-     * Check if a permission is enabled (including wildcard matching)
-     */
-    private isPermissionEnabled;
-    /**
-     * Get human-readable action label
-     */
-    private getActionLabel;
-    /**
-     * Format permission ID into a readable name
-     */
-    private formatPermissionName;
-}
-/**
- * DTO for creating a new role
- */
-declare class CreateRoleDto {
-    /**
-     * Role slug (lowercase, no spaces)
-     * Must start with a letter, can contain letters, numbers, and hyphens
-     */
-    name: string;
-    /**
-     * Human-readable display name
-     */
-    displayName: string;
-    /**
-     * Optional description
-     */
-    description?: string;
-    /**
-     * Initial permissions to assign
-     */
-    permissions?: string[];
-}
-/**
- * DTO for duplicating a role
- */
-declare class DuplicateRoleDto {
-    /**
-     * Name for the new role (slug)
-     */
-    name: string;
-    /**
-     * Optional display name for the new role
-     * If not provided, defaults to "Copy of [original]"
-     */
-    displayName?: string;
-}
-/**
- * DTO for updating a role
- */
-declare class UpdateRoleDto {
-    /**
-     * Updated display name
-     */
-    displayName?: string;
-    /**
-     * Updated description
-     */
-    description?: string;
-}
-/**
- * Role schema for storing user roles and their permissions.
- *
- * Roles contain:
- * - A unique name (slug) for programmatic access
- * - A display name for UI
- * - An array of permission IDs
- * - System flag for protecting default roles
- */
-declare class Role {
-    /**
-     * Unique role identifier (slug)
-     * Used for programmatic access (e.g., 'admin', 'editor', 'authenticated')
-     */
-    name: string;
-    /**
-     * Human-readable display name
-     */
-    displayName: string;
-    /**
-     * Role description for admin UI
-     */
-    description?: string;
-    /**
-     * Array of permission IDs assigned to this role
-     * Use '*' for wildcard (all permissions)
-     * Use 'content.*' for category wildcard
-     */
-    permissions: string[];
-    /**
-     * Whether this is a system role (cannot be deleted)
-     * System roles: admin, authenticated, public
-     */
-    isSystem: boolean;
-    /**
-     * User count (computed, not stored)
-     * Populated when listing roles
-     */
-    userCount?: number;
-    /**
-     * When this role was created
-     */
-    createdAt: Date;
-    /**
-     * When this role was last updated
-     */
-    updatedAt?: Date;
-}
-/**
- * Service for managing roles and checking permissions
- */
-declare class RoleService implements OnModuleInit {
-    private readonly roleModel;
-    private readonly permissionDiscovery;
-    private readonly permissionService;
-    private readonly eventService;
-    private readonly userService;
-    private readonly logger;
-    private permissionCache;
-    private cacheEnabled;
-    private cacheTTL;
-    constructor(roleModel: Model<Role>, permissionDiscovery: PermissionDiscoveryService, permissionService: PermissionService, eventService: EventService, userService: UserService, logger: MagnetLogger);
-    onModuleInit(): Promise<void>;
-    /**
-     * Ensure default system roles exist
-     */
-    private ensureDefaultRoles;
-    /**
-     * Get all roles
-     */
-    findAll(): Promise<Role[]>;
-    /**
-     * Get all roles with user counts
-     */
-    findAllWithCounts(): Promise<(Role & {
-        userCount: number;
-    })[]>;
-    /**
-     * Get a role by ID
-     */
-    findById(id: string): Promise<Role | null>;
-    /**
-     * Get a role by name
-     */
-    findByName(name: string): Promise<Role | null>;
-    /**
-     * Get a role with all permissions resolved
-     */
-    findByIdWithPermissions(id: string): Promise<RoleWithPermissions>;
-    /**
-     * Get a role by name with all permissions resolved
-     */
-    findByNameWithPermissions(name: string): Promise<RoleWithPermissions>;
-    /**
-     * Create a new role
-     */
-    create(dto: CreateRoleDto): Promise<Role>;
-    /**
-     * Update a role
-     */
-    update(id: string, dto: UpdateRoleDto): Promise<Role>;
-    /**
-     * Update role permissions
-     */
-    updatePermissions(id: string, permissions: string[]): Promise<Role>;
-    /**
-     * Delete a role (non-system roles only)
-     */
-    delete(id: string): Promise<void>;
-    /**
-     * Duplicate a role
-     */
-    duplicate(id: string, dto: DuplicateRoleDto): Promise<Role>;
-    /**
-     * Check if a user has a specific permission
-     */
-    hasPermission(userId: string, permission: string): Promise<boolean>;
-    /**
-     * Check if a role has a specific permission
-     */
-    roleHasPermission(roleName: string, permission: string): Promise<boolean>;
-    /**
-     * Check if a permission list includes a permission (with wildcard support)
-     */
-    checkPermission(rolePermissions: string[], permissionId: string): boolean;
-    /**
-     * Get all permissions a user has
-     */
-    getUserPermissions(userId: string): Promise<string[]>;
-    /**
-     * Assign a role to a user
-     */
-    assignRoleToUser(userId: string, roleName: string): Promise<void>;
-    /**
-     * Get all discovered permissions
-     */
-    getAllPermissions(): CategorizedPermissions;
-    /**
-     * Enable or disable permission caching
-     */
-    setCacheEnabled(enabled: boolean): void;
-    /**
-     * Set cache TTL
-     */
-    setCacheTTL(ttlMs: number): void;
-    /**
-     * Clear the permission cache
-     */
-    clearCache(): void;
-    /**
-     * Invalidate cache for a specific role
-     */
-    private invalidateRoleCache;
-    private getCachedPermission;
-    private setCachedPermission;
-    /**
-     * Resolve a role with all permissions marked
-     */
-    private resolveRolePermissions;
-    /**
-     * Get role ID (handles both string ID and _id from MongoDB)
-     */
-    private getRoleId;
-    /**
-     * Check if a role name is a system role
-     */
-    isSystemRole(roleName: string): boolean;
-}
-/**
- * Guard that checks if the authenticated user has the required permission.
- *
- * Usage:
- * ```typescript
- * @Get()
- * @UseGuards(DynamicAuthGuard, PermissionGuard)
- * @RequirePermission({
- *   id: 'content.posts.find',
- *   name: 'List Posts',
- *   description: 'View list of posts',
- * })
- * async findAll() { ... }
- * ```
- *
- * Supports dynamic permission IDs with placeholders:
- * ```typescript
- * @RequirePermission({
- *   id: 'content.{schema}.find',
- *   name: 'Find',
- * })
- * async find(@Param('schema') schema: string) { ... }
- * ```
- */
-declare class PermissionGuard implements CanActivate {
-    private readonly reflector;
-    private readonly roleService;
-    private readonly logger;
-    constructor(reflector: Reflector, roleService: RoleService, logger: MagnetLogger);
-    canActivate(context: ExecutionContext): Promise<boolean>;
-    /**
-     * Get permission options from decorator or resolved permission
-     */
-    private getPermissionOptions;
-    /**
-     * Resolve dynamic permission placeholders
-     */
-    private resolvePermission;
-}
 /**
  * Interceptor that resolves dynamic permission placeholders.
  *
@@ -3895,4 +3575,4 @@ declare class GeneralSettings {
     fallbackToDefaultLocale: boolean;
 }
-export { API_KEY_PERMISSION_KEY, API_KEY_SCHEMA_KEY, AUTH_CONFIG, AUTH_STRATEGY, Activity, ActivityController, ActivityModule, type ActivitySearchQuery, ActivityService, ActivitySettings, AdminController, AdminModule, AdminService, ApiKey, ApiKeyGuard, type ApiKeyPermissionScope, type ApiKeyRequest, ApiKeyService, ApiKeySettings, type ApiKeyStats, ApiKeyUsage, AssignRoleDto, AuthModule, AuthSettings, CRUD_ACTIONS, ContentController, ContentService, ContentSettings, type CreateActivityDto, CreateApiKeyDto, type CreateApiKeyResult, type CreateDocumentOptions, CreateRoleDto, CreateUserDto, type CrudAction, CurrentApiKey, DEFAULT_ROLES, type DeliveryResult, type Document, type DocumentGroup, type DocumentMetadata, DocumentService, type DocumentStatus, DuplicateRoleDto, DynamicAuthGuard, DynamicPermissionInterceptor, EmailModule, EmailService, EmailVerificationService, EnvironmentController, type EnvironmentItem, EnvironmentModule, EnvironmentService, Environments, type FindDocumentOptions, type FolderInfo, GeneralModule, GeneralSettings, HistoryController, HistoryService, type HttpMethod, JwtAuthGuard, JwtAuthStrategy, type ListDocumentOptions, LocalStorageAdapter, LogUsageDto, Media, MediaFolder, MediaSettings, NOTIFICATION_MODULE_OPTIONS, Notification, NotificationController, NotificationModuleOptions, NotificationService, NotificationSettings, PERMISSION_CATEGORIES, PLUGIN_FRONTEND_MANIFEST, PLUGIN_METADATA, PLUGIN_MODULE, type PaginatedActivities, type PaginatedDeliveries, PaginatedUserResult, PermissionDiscoveryService, PermissionGuard, PermissionService, PluginController, PluginLifecycleService, PluginRegistryService, PluginService, type PublishDocumentOptions, RBACSettings, RBAC_CONFIG, ROLE_MODEL, type RateLimitResult, RequireApiKeyPermission, RequireApiKeySchema, Role, RoleService, STORAGE_ADAPTER, STORAGE_CONFIG, SettingsService, StorageModule, StorageService, TemplateService, USER_EXTENSION_TOKEN, UpdateApiKeyDto, type UpdateDocumentOptions, UpdatePermissionsDto, UpdateRoleDto, UpsertViewConfigDto, User, UserController, UserExtensionService, UserModule, UserService, type ValidatePermissionIdsResult, type VersionDiff, type VersionFieldChange, type VersionSummary, ViewConfig, type ViewConfigColumn, ViewConfigModule, ViewConfigService, WILDCARD_PERMISSION, WebhookListenerService, WebhookModule, WebhookService, WebhookSettings, generateDocumentId, getPluginOptionsToken, isValidDocumentId, locales, timezones };
+export { API_KEY_PERMISSION_KEY, API_KEY_SCHEMA_KEY, AUTH_CONFIG, AUTH_STRATEGY, Activity, ActivityController, ActivityModule, type ActivitySearchQuery, ActivityService, ActivitySettings, AdminController, AdminModule, AdminService, ApiKey, ApiKeyGuard, type ApiKeyPermissionScope, type ApiKeyRequest, ApiKeyService, ApiKeySettings, type ApiKeyStats, ApiKeyUsage, AssignRoleDto, AuthModule, AuthSettings, CACHE_ADAPTER_TOKEN, CACHE_METADATA_KEY, CACHE_TTL_KEY, CRUD_ACTIONS, CacheEvict, type CacheEvictOptions, CacheInterceptor, CachePut, type CachePutOptions, CacheService, CacheSettings, CacheTTL, Cacheable, type CacheableOptions, ContentController, ContentService, ContentSettings, type CreateActivityDto, CreateApiKeyDto, type CreateApiKeyResult, type CreateDocumentOptions, CreateUserDto, type CrudAction, CurrentApiKey, DEFAULT_ROLES, type DeliveryResult, type Document, type DocumentGroup, type DocumentMetadata, DocumentService, type DocumentStatus, DynamicAuthGuard, DynamicPermissionInterceptor, EmailModule, EmailService, EmailVerificationService, EnvironmentController, type EnvironmentItem, EnvironmentModule, EnvironmentService, Environments, type FindDocumentOptions, type FolderInfo, GeneralModule, GeneralSettings, HistoryController, HistoryService, type HttpMethod, JwtAuthGuard, JwtAuthStrategy, type ListDocumentOptions, LocalStorageAdapter, LogUsageDto, Media, MediaFolder, MediaSettings, MemoryCacheAdapter, type MemoryCacheAdapterOptions, NOTIFICATION_MODULE_OPTIONS, Notification, NotificationController, NotificationModuleOptions, NotificationService, NotificationSettings, OptionalDynamicAuthGuard, PERMISSION_CATEGORIES, PLUGIN_FRONTEND_MANIFEST, PLUGIN_METADATA, PLUGIN_MODULE, type PaginatedActivities, type PaginatedDeliveries, PaginatedUserResult, PluginController, PluginLifecycleService, PluginRegistryService, PluginService, type PublishDocumentOptions, RBACSettings, RBAC_CONFIG, ROLE_MODEL, type RateLimitResult, RequireApiKeyPermission, RequireApiKeySchema, STORAGE_ADAPTER, STORAGE_CONFIG, SettingsService, StorageModule, StorageService, TemplateService, USER_EXTENSION_TOKEN, UpdateApiKeyDto, type UpdateDocumentOptions, UpdatePermissionsDto, UpsertViewConfigDto, User, UserController, UserExtensionService, UserModule, UserService, type VersionDiff, type VersionFieldChange, type VersionSummary, ViewConfig, type ViewConfigColumn, ViewConfigModule, ViewConfigService, WILDCARD_PERMISSION, WebhookListenerService, WebhookModule, WebhookService, WebhookSettings, generateDocumentId, getPluginOptionsToken, isValidDocumentId, locales, timezones };